How one coder used 23andMe to create a race wall around the web

The API behind genetic testing tool 23andMe has been co-opted to block people from sites and apps based on their gender, ancestry and any genetic characteristic.

The Genetic Access Control source code was published on GitHub on 20 July by user 'offensive-computing', who joined the platform the same day. But just as swiftly, it has been shut down by 23andMe itself for promoting hate, WIRED.co.uk has learned. "This app clearly violates our API policy," a spokesperson said. "We've shut down the application and this developer no longer has access to our API... Using our API to develop applications that contain, display or promote hate is prohibited by our API Terms of Service."

Advertisement

Genetic Access Control works by using the third-party authentication tool OAuth2 to request permissions from 23andMe about your genetic makeup. Using it would have meant trusting this incredibly private data with whichever random, restrictive site you were trying to access. Before the shutdown, only 20 people would have been able to use the API in conjunction with the code, before 23andMe's review process kicked in and denied access. In fact, the company has updated WIRED.co.uk to say: "Our records show only three people actually used the proof-of-concept before we revoked the keys."

But why was this ever created in the first place?

Read next

We're all to blame for Wikipedia's huge sexism problem

ByRoger Highfield

The code's creator does offer some reasons -- a few more convincing than others. They suggest the code could be used to create "safe spaces" for marginalised groups to escape trolls -- for some reason flagging up half the population, the "female-only community", as a "trolled victim group". More specifically, on his GitHub post, offensive-computing suggests Hasidic jews might like to bar access for Ashekenazi or Sephardic jews, or the NAACP might want to filter its prospective members (perhaps a nod to the Rachel Dolezal saga).

The user also proposes a "safer online dating site" that ensures theres's a low chance of any potential pairings one day resulting in children with "two recessive genes for congenital diseases", or that pharmacies would be able to avoid dispensing drugs to those that might have a predisposition for negative reactions.

Advertisement

These are all, of course, speculative, because even if it had granted full access to its API 23andMe has just 1 million genotyped customers. For the code to be useful to anyone, a lot more of the world's 3 billion plus internet users would need to have signed up.

Moreover, while barring anyone from accessing information based on their genetic code flies in the face of the web's very foundations -- having been envisioned by Tim Berners-Lee as an egalitarian tool -- trolls are a fact of life, and it's of course feasible people would want to find a way to get away from them.

But trolls come in all shapes and sizes and guises, and siphoning off people into separate groups would hardly be a way to put an end to trolling everywhere. Which is why the premise seems more likely to have come from an individual that wants to ban others based on their gender or race, for personal reasons.

Advertisement

It doesn't help that the demo tool checks to see if you are primarily of European descent (minus any Ashkenazi roots, of course...) before granting site access. Anyone barred gets the delightful pop-up: "Invalid! You are X% of the permitted European ancestry." Which essentially screams, "you are not white enough".

In this context, 23andMe's conclusion that there is no other reason for the code, it is designed to "contain, display or promote hate", seems entirely justified.

23andMe had no affiliation with the developer behind the tool, and has made its feelings clear about this particular use of its API. But before we grow too concerned about the rampant racism and sexism this piece of code was designed to engender, or the Gattaca-style dystopia its creation seemed to herald, it's good to remember that just 1 million people would have been able to even use the API, if they were so inclined. The questions it raises about what might happen if a much wider database of genetic information was ever created, misused or co-opted are, however, worth considering.